Compliance

Is your audit committee telling the right story?

They studied audit committees for 10 years. Here’s what they learned.
article cover

Thanakorn Lappattaranan/Getty Images

· 4 min read

In 2014, the Center for Audit Quality set out on a mission to understand how audit committees were communicating with investors and others about their critical work.

Last month, the organization published the 10th annual edition of its Audit Committee Transparency Barometer, a partnership with Ideagen Audit Analytics.

The results show significant changes in how companies are disclosing information about their audit oversight—and they raise some important questions for leaders as they try to meet ever-growing demands for information.

“It’s the only research that I’m aware of that is comprehensive to look at best practices for disclosures of oversight of the auditor by the audit committee,” said Vanessa Teitelbaum, senior director of professional practice at the CAQ.

The report includes analysis of the audit-related disclosures in the Standard & Poor’s Composite 1500, which includes small, mid, and large-cap companies.

Appointing the auditor. Companies are disclosing more information lately about the selection process for the external auditor, according to the report. Most notably, nearly half of the S&P 500 now reports on the audit committee’s considerations in appointing or reappointing the external auditor—up from just 13% in 2014.

Similarly, more than 70% of the S&P 500 is now disclosing the length of time that the auditor has been engaged.

“We think…effective audit committees are very active and very engaged in their oversight of the external auditor,” Teitelbaum said.

More detailed disclosures can help investors and auditors understand and trust the work of the auditor and audit committee, she said, adding: “We hear some investors feel that the audit is a black box. They want more transparency. They want to understand the significant judgments of the auditor.”

Room for improvement? Only a small portion of companies are providing further disclosures about how they considered the length of an auditor’s tenure with the company.

News built for finance pros

CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.

The idea is not that a long tenure for an auditor is inappropriate, but companies should continue to think and talk about whether a particular firm is still the right choice, Teitelbaum said.

“It’s something to think about every year,” she said. “Is the firm continuing to execute with all the skills that you need?”

The study also tackled the subject of just how much companies are paying for audits. As the report points out, abnormally low audit fees may lead to subpar results, while abnormally high fees could be inefficient.

But just 6% of the S&P 500 made disclosures related to a discussion of audit fees and their connection to audit quality in 2023. And only about 25% provided explanations about a change in fees.

Cybersecurity and ESG grows up. Boards have been emphasizing cybersecurity and ESG more in the last 10 years.

For example, only 7% of large-cap companies disclosed that their board of directors had a cybersecurity expert back in 2016. Today, that number stands at 51%.

Similarly, disclosures about ESG expertise have leaped upward in just the last year.

But that still leaves an interesting question, Teitelbaum said: Should the board’s expertise in these subjects come in the form of a single deep-dive expert? Or is it better to appoint all-rounders to the board and audit committee?

The expertise “could be on the board itself. Or it could be routine meetings with your CIO, it could be bringing in an external expert,” Teitelbaum said. “Companies approach it differently. But disclosing the skills [and] disclosing who’s responsible for risks, I think, are all part of how a company tells their story about their governance.”

News built for finance pros

CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.